Skip to content
em sa em sa

Password Login

POST
/api/auth/login
 
curl --request POST \
  --url https://example.com/api/auth/login \
  --header 'Content-Type: application/json' \
  --data '{ "email": "example", "password": "example" }'

Authenticate with email + password and issue JWT + refresh cookie.

Body: email: User’s email address password: User’s password

Returns: {“access_token”: ”…”, “user”: {…}, “expires_in_minutes”: 480} + Set-Cookie: canvas_refresh=; HttpOnly; Secure; SameSite=Lax

Request Body required

Section titled “Request Body required ”
Media type application/json
PasswordLoginBody

Request body for POST /api/auth/login.

object
email
required
Email
string
password
required
Password
string
Example generated
{
  "email": "example",
  "password": "example"
}

Responses

Section titled “ Responses ”

200

Section titled “200 ”

Successful Response

Media type application/json
LoginResponse

Response from POST /auth/login and POST /auth/magic-link/verify.

NOTE (D6 fix, May 2026): refresh tokens are emitted as Set-Cookie headers only — there is intentionally no refresh_token field in the body. Legacy UI code that read data.refresh_token was always reading undefined; that read has been removed in lockstep.

object
access_token
required
Access Token
string
user
required
LoginUserDict

Inner user payload of a login response.

object
id
required
Id
string
display_name
Any of:
string
email
Any of:
string
avatar_url
Any of:
string
provider
Any of:
string
expires_in_minutes
Any of:
integer
has_deals
Any of:
boolean
force_password_change
Any of:
boolean
matomo_visitor_id
Any of:
string
key
additional properties
any
Example generated
{
  "access_token": "example",
  "user": {
    "id": "example",
    "display_name": "example",
    "email": "example",
    "avatar_url": "example",
    "provider": "example"
  },
  "expires_in_minutes": 1,
  "has_deals": true,
  "force_password_change": true,
  "matomo_visitor_id": "example"
}

422

Section titled “422 ”

Validation Error

Media type application/json
HTTPValidationError
object
detail
Detail
Array<object>
ValidationError
object
loc
required
Location
Array
msg
required
Message
string
type
required
Error Type
string
input
Input
ctx
Context
object
Example generated
{
  "detail": [
    {
      "loc": [
        "example"
      ],
      "msg": "example",
      "type": "example",
      "input": "example",
      "ctx": {}
    }
  ]
}